Open VSX rotates tokens amid supply-chain malware concerns
The Open VSX registry just had a bit of a scare when access tokens were accidentally leaked by developers in public repositories. This slip-up allowed some sneaky threat actors to try to publish malicious extensions, aiming for a supply-chain attack. Talk about a bad day at the office!
In response, Open VSX quickly rotated those access tokens to cut off the attackers' access. It’s a reminder for all developers out there to keep their credentials under wraps and double-check what they’re sharing online. If you’re involved in software development, make sure you’re not exposing sensitive stuff in public repositories. Better safe than sorry, right?